End-of-Day report
Timeframe: Friday 21-07-2023 18:00 - Monday 24-07-2023 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
News
One simple step prevents phone fraud
Fraudsters deliberately use phone directories to identify their victims. Older people in particular are being targeted.
https://futurezone.at/digital-life/telefonbetrug-vorbeugen-spam-sperren-blockieren-telefonbuch/402533182
Security baseline for Microsoft Edge version 115
We are pleased to announce the security review for Microsoft Edge, version 115! We have reviewed the new settings in Microsoft Edge version 115 and determined that there are no additional security settings that require enforcement. The Microsoft Edge version 114 security baseline continues to be our recommended configuration which can be downloaded from the Microsoft Security Compliance Toolkit.
https://techcommunity.microsoft.com/t5/microsoft-security-baselines/security-baseline-for-microsoft-edge-version-115/ba-p/3882420
Critical Zero-Days in Atera Windows Installers Expose Users to Privilege Escalation Attacks
Zero-day vulnerabilities in Windows Installers for the Atera remote monitoring and management software could act as a springboard to launch privilege escalation attacks. The flaws, discovered by Mandiant on February 28, 2023, have been assigned the identifiers CVE-2023-26077 and CVE-2023-26078, with the issues remediated in versions 1.8.3.7 and 1.8.4.9 released by Atera on April 17, 2023, [...]
https://thehackernews.com/2023/07/critical-zero-days-in-atera-windows.html
TETRA Radio Code Encryption Has a Flaw: A Backdoor
A secret encryption cipher baked into radio systems used by critical infrastructure workers, police, and others around the world is finally seeing sunlight. Researchers say it isn't pretty.
https://www.wired.com/story/tetra-radio-encryption-backdoor/
Microsoft's stolen key more powerful than assumed
A stolen key may have worked not only with Exchange Online but was a kind of master key for large parts of the Microsoft cloud.
https://heise.de/-9224640
Warning, fake shop: vailia-parfuemerie.com
At Vailia Parfümerie you will find cheap cosmetics and perfumes. Although the online shop looks professional, it does not deliver any goods. If you entered your credit card details as the payment method, either unauthorized debits will occur or your data will be misused for a fraud attempt at a later time.
https://www.watchlist-internet.at/news/achtung-fake-shop-vailia-parfuemeriecom/
Palo Alto Networks warns of P2P worm for cloud container environments
The new malware has been in circulation for at least about two weeks. It targets a known vulnerability in the Redis database application.
https://www.zdnet.de/88410715/palo-alto-networks-warnt-vor-p2p-wurm-fuer-cloud-container-umgebungen/
Security: The AES 128/128 cipher suite should be disabled on IIS
A short security snippet that could be of interest to administrators of an Internet Information Server (IIS) in the Windows environment.
https://www.borncity.com/blog/2023/07/22/sicherheit-die-aes-128-128-cipher-suite-sollte-am-iis-deaktiviert-werden/
Vulnerabilities
Zenbleed (CVE-2023-20593) - If you remove the first word from the string "hello world", what should the result be?
This is the story of how we discovered that the answer could be your root password! [..] AMD have released a microcode update for affected processors. Your BIOS or Operating System vendor may already have an update available that includes it. Workaround: It is highly recommended to use the microcode update. If you can't apply the update for some reason, there is a software workaround: you can set the chicken bit DE_CFG. This may have some performance cost.
https://lock.cmpxchg8b.com/zenbleed.html
Security updates for Monday
Security updates have been issued by Debian (webkit2gtk), Fedora (curl, dotnet6.0, dotnet7.0, ghostscript, kernel-headers, kernel-tools, libopenmpt, openssh, and samba), Mageia (virtualbox), Red Hat (java-1.8.0-openjdk and java-11-openjdk), and Scientific Linux (java-1.8.0-openjdk and java-11-openjdk).
https://lwn.net/Articles/939059/
Atlassian Patches Remote Code Execution Vulnerabilities in Confluence, Bamboo
Atlassian patches high-severity remote code execution vulnerabilities in Confluence and Bamboo products.
https://www.securityweek.com/atlassian-patches-remote-code-execution-vulnerabilities-in-confluence-bamboo/
AMI MegaRAC SP-X BMC Redfish Vulnerabilities
https://support.lenovo.com/product_security/PS500570-AMI-MEGARAC-SP-X-BMC-REDFISH-VULNERABILITIES
Multiple vulnerabilities affect the embedded Content Navigator in Business Automation Workflow - CVE-2023-24998, 254437
https://www.ibm.com/support/pages/node/7013897
Vulnerability in IBM Java Runtime affects Host On-Demand
https://www.ibm.com/support/pages/node/7014039
Vulnerability in IBM Java Runtime affects Host On-Demand
https://www.ibm.com/support/pages/node/7014057
IBM App Connect for Manufacturing is vulnerable to a denial of service due to FasterXML jackson-databind (CVE-2022-42004, CVE-2022-42003)
https://www.ibm.com/support/pages/node/7014181
IBM App Connect Enterprise is vulnerable to a remote authenticated attacker due to Node.js (CVE-2023-23920)
https://www.ibm.com/support/pages/node/7014193
IBM Sterling Connect:Direct File Agent is vulnerable to a buffer overflow and unspecified vulnerabilities in IBM Runtime Environment Java Technology Edition (CVE-2023-21930, CVE-2023-21939, CVE-2023-21967, CVE-2023-21968)
https://www.ibm.com/support/pages/node/7009987
Multiple security vulnerabilities have been identified in IBM WebSphere Application Server which is a component of IBM Operations Analytics Predictive Insights
https://www.ibm.com/support/pages/node/7013889
IBM Storage Protect Server is vulnerable to denial of service due to Golang Go (CVE-2023-24534)
https://www.ibm.com/support/pages/node/7014223
IBM Storage Protect Server is vulnerable to sensitive information disclosure due to IBM GSKit (CVE-2023-32342)
https://www.ibm.com/support/pages/node/7014225